Bug 1007447 – check for active sessions not troll proc for uids

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1007447 - check for active sessions not troll proc for uids

Summary:	check for active sessions not troll proc for uids

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	sssd (Show other bugs)
Sub Component:
Version:	7.0
Hardware:	Unspecified Unspecified

Priority	unspecified Severity unspecified
Target Milestone:	rc
Target Release:	---
Assigned To:	Jakub Hrozek
QA Contact:	Kaushik Banerjee
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2013-09-12 09:54 EDT by Dmitri Pal
Modified:	2015-03-05 05:27 EST (History)
CC List:	7 users (show)

See Also:
Fixed In Version:	sssd-1.12.0-1.el7
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2015-03-05 05:27:16 EST
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2015:0441	normal	SHIPPED_LIVE	sssd bug fix and enhancement update	2015-03-05 10:05:27 EST

Groups: None (edit)

Description Dmitri Pal 2013-09-12 09:54:27 EDT

This bug is created as a clone of upstream ticket:
https://fedorahosted.org/sssd/ticket/2084

When we want to check if a user is logged in (in oreder to decide, for example. whether to keep an old random FILE cache type name) we currently troll /proc to find if any user proces for that uid is present.

We should instead use proper system session management (libsystemd-login and utmp as fallback) to check if a user is actually logged in or not.

It will be faster and cleaner.

We need to just release note this issue. No special QE effort required.

Comment 1 Jakub Hrozek 2013-09-16 09:56:56 EDT

Fixed upstream.

Comment 2 Jenny Galipeau 2013-09-19 09:14:01 EDT

please add steps to reproduce

Comment 3 Jakub Hrozek 2013-09-19 11:24:18 EDT

This is an improvement in functionality, so not much to "reproduce". But to make sure that the functionality to detect the user is logged in still works, do the following:

1) login from one terminal with ssh
type klist to see the ccache
2) login from another terminal as the same user
type klist again. It should be the same ccache path.

Please also test different methods of login, at least ssh and su. Sumit found out that with the current git head, su doesn't really work reliably.

Comment 6 Martin Kosek 2014-06-17 08:13:50 EDT

Fixed upstream:

b49a7d90708e816120ff88ce5a88fa62b35ff795

Comment 8 Kaushik Banerjee 2015-01-13 09:11:44 EST

Verified with sssd-1.12.2-39.el7

Output from beaker automation run:
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: BZ1007447 Validate ccache name for multiple logins
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

Redirecting to /bin/systemctl stop  sssd.service
Redirecting to /bin/systemctl start  sssd.service
:: [ 08:35:28 ] :: Sleeping for 5 seconds

spawn ssh -o StrictHostKeyChecking=no puser1@localhost
puser1@localhost's password: 
Last login: Tue Jan 13 08:33:28 2015
Could not chdir to home directory /home/puser1: No such file or directory
-bash-4.2$ klist | head -2 > /tmp/klist_ssh_ccache_name_1
-bash-4.2$ exit


spawn ssh -o StrictHostKeyChecking=no puser1@localhost
puser1@localhost's password: 
Last login: Tue Jan 13 08:33:28 2015
Could not chdir to home directory /home/puser1: No such file or directory
-bash-4.2$ klist | head -2 > /tmp/klist_ssh_ccache_name_2
-bash-4.2$ exit

spawn ssh -o StrictHostKeyChecking=no puser1@localhost
puser1@localhost's password: 
Last login: Tue Jan 13 08:35:34 2015 from localhost
Could not chdir to home directory /home/puser1: No such file or directory
-bash-4.2$ klist | head -2 > /tmp/klist_ssh_ccache_name_3
-bash-4.2$ exit

:: [  BEGIN   ] :: Running 'strict eval 'diff /tmp/klist_ssh_ccache_name_2 /tmp/klist_ssh_ccache_name_1''
:: [   PASS   ] :: Command 'strict eval 'diff /tmp/klist_ssh_ccache_name_2 /tmp/klist_ssh_ccache_name_1'' (Expected 0, got 0)
:: [  BEGIN   ] :: Running 'strict eval 'diff /tmp/klist_ssh_ccache_name_3 /tmp/klist_ssh_ccache_name_1''
:: [   PASS   ] :: Command 'strict eval 'diff /tmp/klist_ssh_ccache_name_3 /tmp/klist_ssh_ccache_name_1'' (Expected 0, got 0)


spawn su --shell /bin/sh nobody
sh-4.2$ su puser1
Password: 
bash-4.2$ klist | head -2 > /tmp/klist_su_ccache_name_1
bash-4.2$ exit

spawn su --shell /bin/sh nobody
sh-4.2$ su puser1
Password: 
bash-4.2$ klist | head -2 > /tmp/klist_su_ccache_name_2
bash-4.2$ exit

spawn su --shell /bin/sh nobody
sh-4.2$ su puser1
Password: 
bash-4.2$ klist | head -2 > /tmp/klist_su_ccache_name_3
bash-4.2$ exit

:: [  BEGIN   ] :: Running 'strict eval 'diff /tmp/klist_su_ccache_name_2 /tmp/klist_su_ccache_name_1''
:: [   PASS   ] :: Command 'strict eval 'diff /tmp/klist_su_ccache_name_2 /tmp/klist_su_ccache_name_1'' (Expected 0, got 0)
:: [  BEGIN   ] :: Running 'strict eval 'diff /tmp/klist_su_ccache_name_3 /tmp/klist_su_ccache_name_1''
:: [   PASS   ] :: Command 'strict eval 'diff /tmp/klist_su_ccache_name_3 /tmp/klist_su_ccache_name_1'' (Expected 0, got 0)
BZ1007447-Validate-ccache-name-for-multiple-logins result: PASS

Comment 10 errata-xmlrpc 2015-03-05 05:27:16 EST

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-0441.html

Note You need to log in before you can comment on or make changes to this bug.